FlowSignal

RACP Conformance Review

Most AI environments cannot demonstrate runtime authority. If a board, auditor, regulator, or inquiry asked tomorrow: who held authority at execution time — and can you prove it?

The RACP Conformance Review is a structured assessment of one defined decision domain against the five runtime control requirements of a Runtime Authority Control Plane (RACP).

Request Conformance Review View Conformance Levels
Vendor-neutral Evidence-led Board-ready outputs

What the Review Assesses

This is not a documentation review. It tests what operates at decision time: authority, enforcement, escalation, and what is demonstrable under scrutiny.

1) Authority

  • Named accountable decision owner
  • Explicit delegation pathways
  • Defined authority limits
  • Separation-of-duties where required

2) Constraints

  • Runtime enforcement of boundaries
  • Threshold validation logic
  • Prohibited action safeguards
  • Rate and scope controls

3) Evidence

  • Authoritative data sources
  • Provenance validation
  • Freshness controls
  • Fail-closed logic where evidence is insufficient

4) Escalation

  • Deterministic intervention triggers
  • Authority transfer pathways
  • Timeout handling
  • Logged override events

5) Runtime Control & Audit

  • Pause or degrade autonomy capability
  • Immutable decision receipts
  • Replayable state transitions
  • Demonstrable audit artefacts

Signals inform. RACP governs. Systems execute. Monitoring proves.

The review identifies what is defensible today, what is assumed, and where runtime exposure exists.

What You Receive

Outputs are designed to be legible to executives and actionable for architecture and risk teams.

RACP Conformance Scorecard

A Level 0–3 maturity assessment at decision-domain level, with clear evidence references for what is demonstrable.

Authority Map

Named ownership and delegation pathways — including where authority is implicit, diffuse, or non-enforceable.

Constraint & Escalation Analysis

Boundary weaknesses and oversight risks expressed as concrete control requirements (not generic process recommendations).

Evidence Chain Assessment

Where evidence conditions are validated at runtime — and where execution proceeds on assumption.

Executive Risk Brief

Board-ready summary: what is defensible, what is partially demonstrable, and where the organisation is exposed.

The outcome is clarity: which decisions are governable today, and what must be designed to reach Level 3 (Governed).

If deeper design work is required, the next step is typically a short Authority Validation Sprint — but only where warranted.

Who It’s For

CIOs, CDOs, Heads of Risk, Enterprise Architects, and leaders responsible for decisions that AI influences — and who will be accountable when those decisions are scrutinised.

Engagement Scope

  • Focused on one live decision domain
  • Typically delivered over 2–3 weeks
  • No system replacement required
  • Vendor-neutral and evidence-led

Why Conformance Matters

Without explicit runtime authority enforcement, assurance depends on documentation rather than control.

Conformance makes governance measurable. It surfaces where authority is real, where it is assumed, and what would fail under scrutiny.

Request Conformance Review

Request a Conformance Review

If your organisation is deploying AI where accountability matters, we should talk before decisions are automated.

Email: grahamb@flowsignal.ai

Fastest first message: Two lines on the decision being influenced, and what “harm” would look like if it went wrong.

One question we’ll ask early

If this decision was investigated tomorrow, could you show who held authority at the moment it executed?

FlowSignal does not certify models. We certify decision authority.